17 Actions

Double Encrypting with two different keysIs the first user doing anything other than decrypting the key? What's user 1 doing in the 90 minute session and how can he do this if he doesn't have the full key to log in?

Individual bits of Textbook RSA@DavidCash Got it. I see why it's not provably secure. At the end of the day though, were we able to show that each bit is a hard core bit would this not be a secure scheme?It leaks the Jacobi of $r$ but here $r$ is not the message and the only way to distinguish two messages is to recover a bit of $r$. The jacobi of $r$ leaks nothing about $m$. Yes by releasing the Jacobi of $r$ we are limiting the values that $r$ can take on, but only by a constant factor and a ppt adversary would not be able to check all valid $r$.

Dec17

comment

Individual bits of Textbook RSA@DavidCash Thanks-you. To answer my original question then, none of $m$ can be recovered? So this would imply that if we apply RSA to a random $r$ then under RSA Assumption, no bit of $r$ can be recovered. And we can achieve IND-CPA PKE by using $r$ as in the one time pad--$r \space xor \space m$. This is a simpler scheme than any secure-RSA schemes i have seen, so I was skeptical.

Dec17

comment

Individual bits of Textbook RSAIf every bit is hardcore then how could it leak a bit of information. And what exactly is this information that it is known to leak?